% ^ 



REF ID:A55252 



COPT 



DEPA mssm OF HB@E 
ARMED FORGES SECURITY AGK3SGY 
Washing-Son 25 , D. C« 



AFSA-ll/meb 
SUL 18 1951 



MEMJRJVHDUM FOR AFSA-12 



Subject; Comment on OS GIB 13/195 , "Measures for the Increased Security 
of C-QMINT" - ' 

1 0 AFSA-11 recommends that we take the position of supporting tho 
principles of this proposal while reserving judgement on details* This 
is a logical position to take, because it would be useless to belabor 
the details (same of which need second thoughts) until we have seme as- 
surance that the general principles on which they axe based have general 
XT. So acceptance* 

2* In my opinion, these principles are forced on ua whether we like 
them or not* The basic purpose of, the new proposal is to increase the 
security of really top-level, really sensitive GOMUST, and to increase 
the usefulness of lower-level, less sensitive CCMEHT. It is proposed to 
do this by separating the two, and handling them differently, so that 
the high-level, sensitive GOMEHT will not be imperilled by association 
with low-level COMENT which requires wide dissemination, and the low- 
level GQMINI will not be sewed up to the point of uselessness by associa- 
tion with high-level COME NT which requires stringent safeguards* Unless 
yon separate them, you will not accomplish this purpose * 

So The salient feature of the new proposal, then, is the method 
of division of CGLilNT into separate categories* The proposed categori- 
zation can be celled a departure from or not a departure from the basic 
principles of the present Appendix B depending on how far down you go 
in your definition of "basic 1 *. The original 1946 Appendix B provided 
for dividing COMBIT into categories based broadly on difficulty of pro- 
duction. The proposed version does the same thing, so that there is 
really no departure from the old principle in that respect* Khere the 
difference lies is in the direction of slicing the categories* The 
Original division was a horizontal one— cryptanalysis was difficult, so 
it formed the top category, with greatly limited dissemination— traffic 
analysis was leas difficult, so it formed the lower category, with loos 
restricted dissemination. (I ignore for the moment tho fact that, in 
practice, no difference was made in degrees of dissemination. ) Thus, 
with any specific body of foreign traffic, you could crypt analyze it and 
disseminate the product narrowly as top-category COMINT, or traffle- 
analyae it and put out tho product more widely as lew-level COMINI. 

4. This basis of categorizing began to come loose at the seams 
almost as soon as it was devised* The nature of the problem was suohj 
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or began to become such, that the neat distinction between difficulty 
sensitive cryptanalysis and easy, insensitive traffic analysis simply 
did not hold. This was recognised in 1948 in amendments to appendix B 
by which exceptional shifts of category could be made for specific eases 
of "easy" cryptanalysis and "difficult" traffic analysis. This make- 
shift seemed to patch up* the old Appendix B almost adequately for a while, 
but the plain language problem and various problems brought out by the 
Korean War, and which have been partially solved on a piece-meal basis, 
have shown that a more fundamental change is needed. 

5. The present proposal provides for a vertical category division 
by technical difficulty and sensitivity of the foreign communications 
themselves, rather than by what is done with them. This statement, 
though an oversimplification, is essentially true. Of course, the pro- 
posed top category will continue to contain largely the products of 
cryptanalysis, and very few of traffic analysis, and the bottom category 
will be heavily traffic analysis— but this will be because of the nature 
of things, and not because of artificialities created by category defini- 
tions, as at present. (Under the proposal, categorization, in practice, 
will be specific— for each new GOMNT job as it comes up someone will 
have to determine what category it belongs to. At present, the category 
is prescribed by blanket rules which, as of ton as not, fail to satisfy 
the needs in individual cases.) 

6, The details of how much we are going to take the wraps off the 
low-level stuff, and what the code-words will be, and how handled, and 
whether there shall be one level of clearance or two or four, require 
some study, and 1 do not propose to go into that now. It seems to me 
that USOIB most agree (1) that the four proposed categories are neces- 
sary, (8) that the higher ones must come under rules predicated on high, 
security , and (3) that the lower ones must com© under rules predicated 
on usefulness . This much agreed on, we should present these basic points 
to ISIB, to get their reaction. Only then need we start haggling over 
the details of implementation. The proposed revised Appendix B submitted 
with the paper is merely one way of doing it— there are many others. 
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